PROBLEM:
Adobe ColdFusion Lets Local Users Bypass Sandbox Restrictions
PLATFORM:
ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX
ABSTRACT:
A vulnerability was reported in Adobe ColdFusion.
REFERENCE LINKS:
SecurityTracker Alert ID: 1027853
Adobe Vulnerability identifier: APSB12-26
CVE 2012-5675
IMPACT ASSESSMENT:
High
DISCUSSION:
Adobe has released a security hotfix for ColdFusion 10 and earlier versions for Windows, Macintosh and UNIX. This hotfix resolves a vulnerability which could result in a sandbox permissions violation in a shared hosting environment. Adobe recommends users update their product installation using the instructions provided in the "Solution" section below.
IMPACT:
A remote authenticated user or a local user can obtain elevated privileges on the target system.
SOLUTION:
Adobe recommends ColdFusion customers update their installation using the instructions provided in the technote